- This topic is empty.
-
Posts
-
This just arrived in my mail box:
When I wrote just two weeks ago, I said you’d be hearing from me soon, with ore research on spyware. I have lots in the pipeline — as it turns out, even more than I then knew. Here are two new releases of note:
1) My last message mentioned in closing that WhenU has long been violating its privacy policy. But I’ve just found that the violations are even more pronounced than I previously understood. In the installers for several of its major programs, WhenU claims that the software “doesn’t collect or send your browsing activity anywhere.” WhenU’s “Privacy Statement” has long included a similar (and almost equally unambiguous) promise. But all these promises are demonstrably false: For at least ten months, WhenU has transmitted exactly this information — which URLs users view — whenever it shows ads. Check out my new article documenting this violation, complete
with screen-shots, HTTP logs, and an analysis of WhenU’s response.WhenU Violates Own Privacy Policy
<http://www.benedelman.org/spyware/whenu-privacy>2) Beyond the search engine cloaking I described previously, WhenU has also posted copyright-protected articles to at least twelve official WhenU web servers. In a practice starting in February 2003 or earlier, WhenU copied at least 26 news articles from at least 20 different news sites, including c|net, CNN, the New York Times, and the Wall Street Journal. The articles lack copyright notices and statements of license. One publisher has already confirmed that copies of its articles were unauthorized.
At first this might seem like run-of-the-mill unauthorized copying — the sort of thing that happens every day, on lots of web sites. But to me WhenU’s copying seems different from most: For one, it’s methodical and far-reaching — dozens of articles covering a year and a half — a far cry from typical ad-hoc copying. Particularly puzzlingly, WhenU didn’t link to these articles on its public web site. (Or, if it did, I never managed to
find the links — but I looked quite carefully.) Nonetheless, the pages ended up in search engines. Did WhenU submit them manually? Or use hidden links? I don’t know.There’s reason to suspect that WhenU’s motive was to “stuff” search engine results with articles favorable to WhenU. Even after most WhenU sites were removed from Google and Yahoo, some of these article copies still came up in searches for WhenU’s company name and product names. In any event, whatever WhenU’s motive, it doesn’t act proud of the copying: WhenU
pulled the copies as soon as I released this report. But I kept dozens of screenshots, available here:WhenU Copies 26+ Articles from 20+ News Sites
<http://www.benedelman.org/spyware/whenu-copy>And in brief —
WhenU responded to my cloaking research of last month by blaming an unnamed “outside search engine optimization firm based in New York” (WhenU CEO as quoted by c|net). Which SEO firm? WhenU apparently wouldn’t say, but I did some detective work. My findings:
Which SEO Did WhenU Use? The Best Inference: Synergy6
<http://www.benedelman.org/spyware/whenu-spam/seo.html>In the coming weeks, I’ll have still more research on spyware — more on privacy policy violations, more on installations without user consent, and even a bit on security vulnerabilities. Please keep in touch with your comments and suggestions — it’s been a treat to hear from so many of you these past weeks.
Benjamin Edelman
http://www.benedelman.org
